Smartphones are as susceptible as normal computers to attacks from outside sources, including viruses, phishing and social engineering efforts. However, as no one operating system dominates the smartphone market, data is more likely to be compromised by leaving the device in the back of a taxi than through virus attacks.
Security Guidelines Explained
• encrypt all data that a smartphone receives.
Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
If you must store sensitive information on it, use a password on the phone and encrypt the data. Devices can be configured so that they ask for a password every time e-mail or a VPN is accessed.
[http://news.cnet.com/8301-27080_3-10424759-245/using-your-smartphone-safely-faq/]
• clear all caches after each VPN (Virtual Private Network) session
[http://en.wikipedia.org/wiki/Virtual_private_network]
A VPN is an interface used to connect securely to a computer server over the internet. It is similar to a WAN; however, it uses already existing infrastructure such as telephone cabling (decreasing cost) while encrypting data to prevent "man in the middle" attacks, packet sniffing and other types of evil hacking attacks.
[http://en.wikipedia.org/wiki/Mobile_virtual_private_network]
The difference between a VPN used on mobiles and a VPN used on computer systems is that mobile VPN software is able to handle requests from multiple networks, whereas disconnecting the network while using a VPN on a computer could crash the computer, etc.
The VPN cache should be cleared after every session because there is a risk that sensitive data, which should only be available through the VPN, may be accessed on the smartphone, which could compromise the security of the VPN server.
• choose one with a “kill” switch
Use a kill switch to cut the power to the phone or quickly disable some of its functions, e.g. networking. This can be used if a hacking attack in progress is detected.
AND / OR: "By "kill switch" we mean remote wipe capability" (PCWorld). This means that all the phone's sensitive data can be wiped remotely.
• password before opening applications such as e-mail, web browser
Passwords are used to verify the identity of a user: if a phone is stolen, a password must be entered to access various applications.
The more passwords, the more secure the smartphone.
• keep data permanently in your data centre, not on the smartphone
This is done so that data is not lost if the mobile phone itself is lost or destroyed, which is more likely for a mobile phone than a server.
• some companies can wipe the data off your stolen smartphone remotely
Not unlike a kill switch: a company can be asked to destroy your data if a phone is destroyed, lost, etc.
• only run apps approved by the phone company
Third-party apps are more likely to cause security vulnerabilities than the actual phone operating system, since they are written by unknown and often incompetent developers. This means their apps should be put under quality control by the phone company to ensure the quality and secure working of apps.
E.g. Android is much more susceptible to viruses because of its open source structure, while Apple tests every app before it can be sold in the iTunes store.
• do not use unsecured Wi-Fi networks (to avoid “man-in-the-middle” attacks)
1. An attack in which private data is intercepted before it reaches its destination.
2. A "man in the middle" intercepts data sent from the phone over an unsecured Wi-Fi or Bluetooth network. (This data could be credit card numbers, personal addresses, sensitive files, etc.)
3. ?????
4. Profit.
• do not “jail-break” your smartphone.
Jailbreaking means that additional software capability is accessed, which is not approved by the user.
Jailbreaking often decreases security because safety features of the phone are disabled. (It can also cause "bricking" of the mobile phone: if jailbreaking fails, the phone becomes no more useful than a brick.)
Some apps, e.g. those for jailbroken phones, may only be available on an internet website. This is another disadvantage of jailbreaking: unsafe apps are made available.
http://thetechjournal.com/electronics/mobile/android-phones-are-infected-by-trojan-virus.xhtml
Bluejacking:
Using Bluetooth to hijack a Bluetooth device, usually for sending spam.
http://en.wikipedia.org/wiki/Bluejacking
Bluesnarfing:
Unauthorised access to a Bluetooth device.
http://en.wikipedia.org/wiki/Bluesnarfing
Bluebugging:
http://en.wikipedia.org/wiki/Bluebugging